{"id":11160,"date":"2021-12-15T21:20:20","date_gmt":"2021-12-15T18:20:20","guid":{"rendered":"https:\/\/kifarunix.com\/?p=11160"},"modified":"2024-03-18T07:41:01","modified_gmt":"2024-03-18T04:41:01","slug":"integrate-osquery-manager-with-elk-stack","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/integrate-osquery-manager-with-elk-stack\/","title":{"rendered":"Integrate Osquery Manager with ELK Stack"},"content":{"rendered":"\n<p>This guide will take you through how to integrate Osquery manager with ELK Stack. According to their <a href=\"https:\/\/github.com\/osquery\/osquery\" target=\"_blank\" rel=\"noreferrer noopener\">Github page<\/a>, <em>osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. It is available for Linux, macOS, Windows, and FreeBSD<\/em>.<\/p>\n\n\n\n<p>It allows you to query the operating system just like you would query any records from the usual relational databases thus providing you with visibility into your infrastructure and operating systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"integrate-osquery-manager-with-elk-stack\">Integrating Osquery Manager with ELK Stack<\/h2>\n\n\n\n<p>Recent versions of ELK now supports integration with Osquery manager right from the Kibana UI. According to this <a href=\"https:\/\/www.elastic.co\/about\/press\/elastic-announces-osquery-management-integration-for-unified-data-analysis-to-address-cyber-threats\" target=\"_blank\" rel=\"noreferrer noopener\">press release by Elastic<\/a>;<\/p>\n\n\n\n<blockquote class=\"wp-block-quote td_quote_box td_box_center is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>The osquery host management integration, now in beta, enables security teams to use osquery results to address cyber threats without the complexity or cost of a separate management layer. With one click, users can install and orchestrate osquery across their Windows, macOS, and Linux hosts<\/em>.<\/p>\n\n\n\n<p><em>Osquery data is ingested in Elasticsearch and shown in Kibana where users can run live queries with one or more agents, and define scheduled queries to capture changes to an organization\u2019s security state. From a single pane of glass, users can centralize security analytics and contextualize osquery results against other event data, anomalies, and threats, and leverage that context to improve host visibility, analytical power, and monitoring<\/em>.<\/p>\n\n\n\n<p><em>Enhanced capabilities also include prebuilt and custom SQL queries, as well as Kibana query guidance to support users with code completion, code hinting, and content assistance<\/em>.<\/p>\n<\/blockquote>\n\n\n\n<p>With Osquery in Kibana, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>Run live queries for one or more agents<\/em><\/li>\n\n\n\n<li><em>Schedule query packs to capture changes to OS state over time<\/em><\/li>\n\n\n\n<li><em>View a history of past queries and their results<\/em><\/li>\n\n\n\n<li><em>Save queries and build a library of queries for specific use cases<\/em><\/li>\n<\/ul>\n\n\n\n<p>To begin with, setup and configure Fleet Server on ELK cluster<\/p>\n\n\n\n<p>Check our previous guide on how to;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/ship-system-logs-to-elk-stack-using-elastic-agents\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure and Setup Fleet Server<\/a><\/p>\n\n\n\n<p>Install and Enroll agents on remote hosts to monitor<\/p>\n\n\n\n<p>Check this guide as well;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-enroll-elastic-agents-to-fleet-manager-in-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Enroll Elastic Agents to Fleet Manager in Linux<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"add-osquery-manager-to-kibana\">Add Osquery Manager to Kibana<\/h3>\n\n\n\n<p>Once the above is done, head over to <strong>Kibana &gt; Management &gt; Osquery &gt; Add Osquery Manager<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1770\" height=\"819\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-manager.png\" alt=\"Integrate Osquery Manager with ELK Stack\" class=\"wp-image-11172\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-manager.png?v=1639590663 1770w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-manager-768x355.png?v=1639590663 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-manager-1536x711.png?v=1639590663 1536w\" sizes=\"(max-width: 1770px) 100vw, 1770px\" \/><\/figure>\n\n\n\n<p>Under <strong>Osquery Manager<\/strong>, head over to <strong>Settings<\/strong> and install Osquery manager which is required to setup Kibana and Elasticsearch assets designed for Osquery Manager data by clicking on <strong>Install Osquery Manager assets<\/strong> and confirming the installation on the default Kibana space.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1756\" height=\"648\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/install_osquery-manager-assets.png\" alt=\"\" class=\"wp-image-11459\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/install_osquery-manager-assets.png?v=1643994510 1756w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/install_osquery-manager-assets-768x283.png?v=1643994510 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/02\/install_osquery-manager-assets-1536x567.png?v=1643994510 1536w\" sizes=\"(max-width: 1756px) 100vw, 1756px\" \/><\/figure>\n\n\n\n<p>Once installed, the settings tab should now show installed and latest version of Osquery manager. You will also see other tabs added as <strong>Integration policies<\/strong> and <strong>Assets<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1687\" height=\"747\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-man-to-fleet.png\" alt=\"\" class=\"wp-image-11174\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-man-to-fleet.png?v=1639591018 1687w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-man-to-fleet-768x340.png?v=1639591018 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/add-osquery-man-to-fleet-1536x680.png?v=1639591018 1536w\" sizes=\"(max-width: 1687px) 100vw, 1687px\" \/><\/figure>\n\n\n\n<p>Next, add Osquery manager integration to the fleet by clicking the <strong>Add Osquery Manager<\/strong> button as highlighted on the screenshot above.<\/p>\n\n\n\n<p>Osquery manager integration configuration page opens up.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1876\" height=\"912\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/configure-osquery-manager-integration.png\" alt=\"\" class=\"wp-image-11175\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/configure-osquery-manager-integration.png?v=1639591047 1876w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/configure-osquery-manager-integration-768x373.png?v=1639591047 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/configure-osquery-manager-integration-1536x747.png?v=1639591047 1536w\" sizes=\"(max-width: 1876px) 100vw, 1876px\" \/><\/figure>\n\n\n\n<p>We will go with the default settings, hence click <strong>Save and continue<\/strong> at the bottom of the page.<\/p>\n\n\n\n<p>The configurations will be applied to the Elastic agents already enrolled to the Fleet. Thus confirm and proceed.<\/p>\n\n\n\n<p>Once the changes are saved;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>you will see that the integration policies are updated.<\/li>\n\n\n\n<li>You cannot also uninstall the Osquery manager unless you remove all the integrations.<\/li>\n<\/ul>\n\n\n\n<p>Please note that in order for you to use Osquery manager, there are some privileges required;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em><code>Read<\/code>&nbsp;privileges for the&nbsp;<code>logs-osquery_manager.result*<\/code>&nbsp;index.<\/em><\/li>\n\n\n\n<li><em>Kibana privileges for&nbsp;<strong>Osquery Manager<\/strong>.<\/em>\n<ul class=\"wp-block-list\">\n<li><em>The&nbsp;<code>All<\/code>&nbsp;privilege enables you to run, schedule, and save queries.&nbsp;<\/em><\/li>\n\n\n\n<li><em><code>Read<\/code>&nbsp;enables you to view live and scheduled query results, but you cannot run live queries or edit.<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Under <strong>advanced<\/strong> tab, you will see <strong>live queries<\/strong> and <strong>packs<\/strong>;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Live queries are queries you can run on the fly to query your endpoints<\/li>\n\n\n\n<li>Packs are a set of queries that perform various activities.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1756\" height=\"580\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png\" alt=\"\" class=\"wp-image-11176\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png?v=1639591285 1756w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs-768x254.png?v=1639591285 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs-1536x507.png?v=1639591285 1536w\" sizes=\"(max-width: 1756px) 100vw, 1756px\" \/><\/figure>\n\n\n\n<p>You can also access Osquery Manager Live queries\/Pack settings from Kibana <strong>Management<\/strong> menu &gt; <strong>Osquery<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1904\" height=\"474\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png-2.png\" alt=\"\" class=\"wp-image-11177\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png-2.png?v=1639591309 1904w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png-2-768x191.png?v=1639591309 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/osquery-live-quiries-n-packs.png-2-1536x382.png?v=1639591309 1536w\" sizes=\"(max-width: 1904px) 100vw, 1904px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"querying-remote-host-using-elastic-osquery-manager\">Querying Remote Host using Elastic Osquery Manager<\/h3>\n\n\n\n<p>Now that integration is done, you can query your remote hosts as you would while using stand alone Osquery manager.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-elastic-agent-osquerybeats-tls-connection-with-elastic-stack\">Configure Elastic Agent Osquerybeats TLS connection with Elastic stack<\/h4>\n\n\n\n<p>Note that when you setup Osquery manager integration, it will automatically install <strong>osquerybeats<\/strong> on the Elastic agents already enrolled on to the Fleet manager.<\/p>\n\n\n\n<p>Thus, if you setup Fleet server\/Elastic with HTTPS, you need to configure Osquerybeat with HTTPS to enable communication with Elasticsearch.<\/p>\n\n\n\n<p>In our Elastic agent host, we installed the agent from the repos, thus the configuration files for Osquerybeat is localted at <strong><code>\/var\/lib\/elastic-agent\/data\/elastic-agent-XXXXXX\/install\/osquerybeat-VERSION-linux-x86_64\/osquerybeat.yml<\/code><\/strong>, <\/p>\n\n\n\n<p>If you installed via the TAR file, this config would be located at <strong><code>\/opt\/Elastic\/Agent\/data\/elastic-agent-XXXXXX\/install\/osquerybeat-VERSION-linux-x86_64\/osquerybeat.yml<\/code><\/strong><\/p>\n\n\n\n<p>Where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code><strong>XXXXXX<\/strong><\/code> is some random number.<\/li>\n\n\n\n<li><strong><code>VERSION<\/code><\/strong> is the Elastic version number.<\/li>\n<\/ul>\n\n\n\n<p>Thus, open the respective file for editing and update Elasticsearch output configs;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/var\/lib\/elastic-agent\/data\/elastic-agent-7e56c4\/install\/osquerybeat-7.16.1-linux-x86_64\/osquerybeat.yml<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code># ---------------------------- Elasticsearch Output ----------------------------\noutput.elasticsearch:\n  # Array of hosts to connect to.\n  hosts: [\"192.168.58.22:9200\"]\n\n  # Protocol - either `http` (default) or `https`.\n  protocol: \"https\"\n  ssl.certificate_authorities: [\"\/etc\/ssl\/certs\/kifarunix-demo-fleet-server.crt\"]\n\n  # Authentication credentials - either API key or username\/password.\n  #api_key: \"id:api_key\"\n  username: \"elastic\"\n  password: \"WSZdCjtgn9c8Pphd4St4\"\n<\/code><\/pre>\n\n\n\n<p>Once you are done, restart Elastic Agent;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart elastic-agent<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"query-remote-elastic-agent-host-using-osquery-manager\">Query Remote Elastic Agent Host using Osquery Manager<\/h4>\n\n\n\n<p>To query a remote host;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>New live query<\/strong><\/li>\n\n\n\n<li>Choose remote host to query based on the elastic agent installation from the list.<\/li>\n\n\n\n<li>Choose a query from saved queries if you already saved some. Otherwise, create a new query. For example a query to get all currently logged in users;<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>select user,tty,host,time from logged_in_users where tty not like '~';<\/code><\/pre>\n\n\n\n<p>Read more on <a href=\"https:\/\/osquery.io\/schema\/5.0.1\" target=\"_blank\" rel=\"noreferrer noopener\">osquery schema<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enter the query and click <strong>Submit<\/strong> to run the query on remote host;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1900\" height=\"867\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query.png\" alt=\"\" class=\"wp-image-11178\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query.png?v=1639592060 1900w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-768x350.png?v=1639592060 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-1536x701.png?v=1639592060 1536w\" sizes=\"(max-width: 1900px) 100vw, 1900px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check the live query results.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1726\" height=\"627\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results.png\" alt=\"\" class=\"wp-image-11179\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results.png?v=1639592089 1726w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-768x279.png?v=1639592089 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-1536x558.png?v=1639592089 1536w\" sizes=\"(max-width: 1726px) 100vw, 1726px\" \/><\/figure>\n\n\n\n<p>Other sample output for the query;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>select * from users;<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1677\" height=\"888\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-2.png\" alt=\"\" class=\"wp-image-11180\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-2.png?v=1639592125 1677w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-2-768x407.png?v=1639592125 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/12\/live-query-results-2-1536x813.png?v=1639592125 1536w\" sizes=\"(max-width: 1677px) 100vw, 1677px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You can view the results in Kibana discover or in lens to create visualization.<\/li>\n\n\n\n<li>You can now run any other query you want on your host with just on click.<\/li>\n\n\n\n<li>You can also <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/osquery.html#osquery-schedule-query\" target=\"_blank\" rel=\"noreferrer noopener\">schedule queries with packs<\/a>.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"elastic-agent-logs\">Elastic Agent Logs<\/h4>\n\n\n\n<p>Be sure to check Elastic agent logs in the directory;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/var\/lib\/elastic-agent\/data\/elastic-agent-XXXXXX\/logs\/default<\/code><\/pre>\n\n\n\n<p>Sample log files;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>filebeat-json.log\nfilebeat-json.log-2021-12-15-00-5\nfilebeat-json.log-2021-12-15-00-6\nfilebeat-json.log-2021-12-15-13-1\nfilebeat-json.log-2021-12-15-13-2\nfilebeat-json.log-2021-12-15-13-3\nfilebeat-json.log-2021-12-15-13-4\nfilebeat-json.log-2021-12-15-13-5\nmetricbeat-json.log\nmetricbeat-json.log-2021-12-14-21-1\nmetricbeat-json.log-2021-12-14-22-1\nmetricbeat-json.log-2021-12-15-00-1\nmetricbeat-json.log-2021-12-15-00-2\nmetricbeat-json.log-2021-12-15-13-1\nmetricbeat-json.log-2021-12-15-13-2\nmetricbeat-json.log-2021-12-15-13-3\nosquerybeat-json.log\nosquerybeat-json.log-2021-12-15-00-1\nosquerybeat-json.log-2021-12-15-00-2\nosquerybeat-json.log-2021-12-15-13-1\nosquerybeat-json.log-2021-12-15-13-2\nosquerybeat-json.log-2021-12-15-13-3\n<\/code><\/pre>\n\n\n\n<p>Also check how to monitor Windows systems using Elastic Osquery Manager;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/monitor-windows-systems-using-elastic-osquery-manager\/\" target=\"_blank\" rel=\"noreferrer noopener\">Monitor Windows Systems using Elastic Osquery Manager<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reference\">Reference<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/osquery.html\" target=\"_blank\" rel=\"noreferrer noopener\">Osquery Kibana guide<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h4>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-enroll-elastic-agents-to-fleet-manager-in-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Enroll Elastic Agents to Fleet Manager in Linux<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-osquery-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Osquery on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-fleet-osquery-manager-on-debian-10\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Fleet Osquery Manager on Debian 10<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide will take you through how to integrate Osquery manager with ELK Stack. According to their Github page, osquery is a SQL powered operating<\/p>\n","protected":false},"author":3,"featured_media":11181,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,910,121,1065],"tags":[4372,1852,4371,4373,4368,1066,4370,4369],"class_list":["post-11160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-elastic-stack","category-howtos","category-osquery","tag-elastic-agent","tag-elk-stack","tag-elk-stack-osquery-agent","tag-install-osquery-on-elk","tag-integrate-osquery-manager-with-elk-stack","tag-osquery","tag-osquery-agents","tag-osquery-on-elk-stack","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11160"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=11160"}],"version-history":[{"count":11,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11160\/revisions"}],"predecessor-version":[{"id":21581,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11160\/revisions\/21581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11181"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=11160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=11160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=11160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}